Examining the different characteristics of open-source software in relation to security vulnerabilities, can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions, can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project’s source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.

Zhixing Li College of Computer, National University of Defense Technology, Changsha, China, Yue Yu National University of Defense Technology, Gang YinNational University of Defense Technology, Tao WangNational University of Defense Technology, Huaimin Wang